At no point did Apple contact me and say, "guess what, you are now exposed to these real attack threats and we are not going to support you". It is only because I noticed this news article that I came here and read up. I do not know what obligation Apple has to notify their customers, but I get snail mail from car companies when there is a recall. I would think Apple could manage an email.

They do send system wide messages asking you to upgrade to Yosemite, so it's possible.
 
So, requiring free upgrades to the next version of linux every few months is totally okay, but if Apple pushes free upgrades every year or so, and supports security updates for 5 years on all past releases (as opposed to just the LTS releases on Ubuntu), well that's just unacceptable. Got it!

P.S.: There is STILL not a lot of unity love, nor a lot of love for Ubuntu's version of Steve Jobs, either. Check out Ubuntu's counterpart forums sometime. There are lots of ubuntu users there who have the exact same mindset as the Snow Leopard curmudgeons here. If you're not happy with the way things are run here, I'm pretty sure the sheen of ubuntu is gonna wear off fairly soon once you get into it, because you'll run into much of the same.

But again, everyone always thinks the grass is greener on the other side.

Note: I'm not bashing Ubuntu... I use it myself, and prefer it to any other Linux distro, and even Windows. But to say it's better than how things are done on OS X is taking things a little far.

Again, I only use Ubuntu for surfing the web - with all upgrades/patches as required. Shellshock, for example, was fixed two days before OSX.

All of my data are on external drives, for use on the Mac, and I don't want to have to pay to upgrade software, or change file attributes, simply because Apple decided to lock my data out.

Many apps that require a paid/free upgrade to run on Lion and beyond simply do the same thing as software that runs on Snow Leopard. If it ain't broke ...
 
Finally, the fix is in the Unix code underneath of the Apple customization. The Unix code and the fix are available on the internet. I would assume that anyone that is on old unsupported OSs will also have some level of technical ability and can install the fix on their own.

That would be an incorrect assumption. :(
 
Yes it is, but apparently Apple no longer cares about the security of their Snow Leopard and Lion customers. You either upgrade your perfectly good software (if you can) or you're on your own.

Well, you could just buy a new Mac, which is what Apple wants you to do anyway.

Sigh…..not everybody needs or wants the cloud on their desktop, which makes all of us SL lovers luddites, right?

We're running ML and Mavericks on a couple of laptops, but I've tried to shield my 2010 desktop running SL and iTunes10, from all the newer iOS-like features, which is becoming increasingly difficult.
 
Yay, security update! But the BBC have got to be joking with this photo!

 
Wow, that is a bit harsh. Too much caffeine?

No, I simply know what's much harsher: dealing with a compromised system.

The fact that I am here in the forums and asking questions indicates that my fingers are not in my ears. What gave you the impression that that is what I am doing?

If you're willing to take action, great. You've been given the information you need to get started.

I am stuck with Snow Leopard because I cannot afford to upgrade the many programs that I run. Wish I could.

Then you will need to determine what is least costly to you: learning how to patch it yourself. Paying someone else with knowledge to do it for you. Running unpatched and bearing the cost of having an unusable computer and perhaps lost data if or when a breach happens. Or upgrading your software to current versions.

At no point did Apple contact me and say, "guess what, you are now exposed to these real attack threats and we are not going to support you". It is only because I noticed this news article that I came here and read up. I do not know what obligation Apple has to notify their customers, but I get snail mail from car companies when there is a recall. I would think Apple could manage an email.

The inherent problem with car recalls is that there is no guarantee that each and every person will be reached. Computers, and cars, change hands, and the makers of those computers and cars aren't always informed of that switch.

In any case, we can extend this car paradigm even further: cars, like computers, are supported by their manufacturers for only so long. At the end of that support period, you can of course keep driving your car, and keep using your computer, but doing so is going to require more work on your part. Timing belts, tires, oil, brakes and shocks are going to need to be changed; software is going to need to be updated. Eventually, if you drive your car long enough, the engine and transmission will need to be overhauled; eventually, if you use your computer long enough, hard drives and logic boards might need replacement. You will have to get your hands dirty to address these problems, or you'll have to pay someone else to get their hands dirty for you.

We may not like doing these things, and we definitely don't like what these things will do to our wallets, but whether we like it or not, it ultimately falls on the owner to keep abreast of these things and address them. If not, they run the risk of their car - or computer - stranding them.

Yeah, it can be harsh. That's life.

If compiling these changes was so doable and important, then I would think someone in the industry, more knowledgeable than myself has already done it and could make it available. Or better yet, Apple could do it.

Yes, it would be nice. And again it would be nice if your car vendor paid for all your maintenance items (including things that are vital to life and safety, like new brakes and headlights) for as long as you own your car. But it doesn't happen.

And yea, it would be nice if other experts could provide these updates. Oh, wait, they do!



BTW, I have also not upgraded my iPad2 to the latest OS because I understand from posts that it turns that quite functional model into a door stop.

I understand from personal experience that this is actually not the case, but choosing not to do updates is your choice, and your risk.
 
I agree that the comments to which you responded are arrogant (at best). Having said that, I do believe there is a point here that needs to be considered. Microsoft does not support XP and Vista is on its way out of support. That basically leaves Windows 7 and 8 as their supported OSs. Apple is actively supporting 3 generations of its OS and 6 or 7 generations of its hardware. Based on this I do not believe that Apple is lying or doing anything worse than MS.

Finally, the fix is in the Unix code underneath of the Apple customization. The Unix code and the fix are available on the internet. I would assume that anyone that is on old unsupported OSs will also have some level of technical ability and can install the fix on their own.

That hasn't been my experience. Of course you or I could just snag the appropriate code and patch it ourselves.

My experience is that people running older Macs are not especially bright, have a mac because "it's easier," kind of poor, often female, and don't even know what compile means. And when they get nailed by this exploit, they are going to suffer a lot more than a bright person keeping an older machine going as a hobby like you or I might.

----------

And another thought...

There's a lot of good case law that might serve as the basis for an action against the large software companies finding them liable for exploits exposing people to harm, even decades down the line (see, for example, liability of aircraft manufacturers).

If I were an enterprising lawyer (which I'm not), I might consider filing an action, perhaps a class action, against all the software companies, even the Linux distros, finding them liable for all exploitable code and forcing them to continue to issue security patches more or less indefinitely, just like Cessna is still liable for defects in design/manufacture of aircraft they made in the 1930s.
 
I don't equate Snow Leopard with DOS. There is at least a decade difference.

I have stuck with 10.6 because it is the last OS to support PowerPC programs.

The last time I purchased a new Mac for $1,200, I ended up having to purchase updates to Adobe and FCP that cost me more than the iMac. Currently I have Adobe CS4.

I am a retired professional. I help local non-profits with their websites and marketing. If I have to update my Adobe Suite because it is incompatible with the Mac, I will have to stop supporting these non-profits.

From the reviews I have read, the Mac OS software improvements will mean little or nothing other than eye-candy and slowing down my hardware. Give me a good reason to upgrade, make the gain more than the pain, and I will change.

This thing is basically like an out of warranty car. You can get it updated all by yourself (or pay someone to do it), but it takes work. Power PC is no longer supported hardware (2005!!) running a no longer supported software (2009). You'd be hard pressed to have companies supporting 9 year old hardware. The fact they still had the OS available 4 years later is the most you could expect.

Updated NTP packages that work with your version.

The Info is here.

http://tenfourfox.blogspot.ca/2014/12/time-time-time-see-whats-become-of-ntpd.html

This site also helps in other PowerPC support.

BTW, took me 20 seconds to find this...

If it was a driver or the kernel that was at issue, there would not be an easy solution. Good thing those bugs are much rarer. But, for this a solution is not that hard if you Google a bit.
 
If you're willing to take action, great. You've been given the information you need to get started.

Thanks for the civilized response. Compared to the average person, I am capable with computers. But when it comes to mucking in the lower levels of the OS, I am not qualified.


Then you will need to determine what is least costly to you: learning how to patch it yourself. Paying someone else with knowledge to do it for you. Running unpatched and bearing the cost of having an unusable computer and perhaps lost data if or when a breach happens. Or upgrading your software to current versions.

Unfortunately, it is a bit of a Hobson's choice. I can stay with what I am doing and run some real risk of having issues; or move up and have to dump software that now does not work, that I cannot afford / justify replacing - then telling the non-profit groups that I support that they are now SOL.

The inherent problem with car recalls is that there is no guarantee that each and every person will be reached. Computers, and cars, change hands, and the makers of those computers and cars aren't always informed of that switch.

True, but Apple has a much easier way of reaching their users: as someone else noted, through their OS notifications / updates. I did get a notice that there is an OS update for me. But no accompanying information.

In any case, we can extend this car paradigm even further: cars, like computers, are supported by their manufacturers for only so long. At the end of that support period, you can of course keep driving your car, and keep using your computer, but doing so is going to require more work on your part. Timing belts, tires, oil, brakes and shocks are going to need to be changed; software is going to need to be updated. Eventually, if you drive your car long enough, the engine and transmission will need to be overhauled; eventually, if you use your computer long enough, hard drives and logic boards might need replacement. You will have to get your hands dirty to address these problems, or you'll have to pay someone else to get their hands dirty for you.

Yes, it would be nice. And again it would be nice if your car vendor paid for all your maintenance items......

The car analogy, like most, is imperfect. However, auto companies seem to be on the hook for safety related recalls forever. I do not expect Apple, nor any other tech company to look after their product forever, and unlike some here, I am not upset that they are not. Yet if this is really such an easy update that I can supposedly do it, then it seems like a small effort on their part.

And yea, it would be nice if other experts could provide these updates. Oh, wait, they do!

Thanks for the link. I will follow up.

BTW, I have also not upgraded my iPad2 to the latest OS because I understand from posts that it turns that quite functional model into a door stop.
I understand from personal experience that this is actually not the case, but choosing not to do updates is your choice, and your risk.

Are you telling me that you have updated an iPad2 to the latest OS and it works for you? It does not slow down and stutter?

I never update any OS right away. I troll the sites and see what the complaints and problems are. I have read nothing but complaints from iPad2 users. As a result, I decided not to upgrade. My wife has an iPad3 which is about as fast as the iPad2, and I asked her not to upgrade for the same reason. They work perfectly fine and I do not want to replace the hardware for a while. I have other things to do with my savings.
 
Slightly off topic but still relevant re support and maintenance: I have a perfectly serviceable scanner from a well known company the model being 3200F.

The driver software has not been updated for years and is NOT compatible with Intel machines, I have asked for the source code but they won't supply it, I believe that I should at least be able to support my scanner myself.

If Apple should support OS versions over 10 years old then so should all peripheral suppliers IMHO
 
This thing is basically like an out of warranty car. You can get it updated all by yourself (or pay someone to do it), but it takes work. Power PC is no longer supported hardware (2005!!) running a no longer supported software (2009). You'd be hard pressed to have companies supporting 9 year old hardware. The fact they still had the OS available 4 years later is the most you could expect.

Updated NTP packages that work with your version.

The Info is here.

http://tenfourfox.blogspot.ca/2014/12/time-time-time-see-whats-become-of-ntpd.html

This site also helps in other PowerPC support.

BTW, took me 20 seconds to find this...

If it was a driver or the kernel that was at issue, there would not be an easy solution. Good thing those bugs are much rarer. But, for this a solution is not that hard if you Google a bit.

I do not run PowerPC hardware. But some of the software that I cannot afford to replace is PowerPC software.

I did do a search. Unfortunately what I came up with was not helpful.

https://www.google.com/search?q=NTP+hack+snow+lepoard&ie=utf-8&oe=utf-8

I think one of the keys is being knowledgeable enough to know what search terms to use and I (and most users) are not. That is why we rely on Apple and tech support.

Thanks for doing the search for me.

http://www.computerworld.com/article/2476004/mac-os-x/why-mac-users-still-use-os-x-snow-leopard.html

As of March of this year:

"Macs running Snow Leopard still account for around 25 percent of active Macs. The implication is that these users are still using older Macs, and are on Snow Leopard to run OS X on them.

Why?

Two reasons: one is Apple; another is Adobe."
 
I don't equate Snow Leopard with DOS. There is at least a decade difference.

I have stuck with 10.6 because it is the last OS to support PowerPC programs.

The last time I purchased a new Mac for $1,200, I ended up having to purchase updates to Adobe and FCP that cost me more than the iMac. Currently I have Adobe CS4.

I am a retired professional. I help local non-profits with their websites and marketing. If I have to update my Adobe Suite because it is incompatible with the Mac, I will have to stop supporting these non-profits.

From the reviews I have read, the Mac OS software improvements will mean little or nothing other than eye-candy and slowing down my hardware. Give me a good reason to upgrade, make the gain more than the pain, and I will change.

Actually, I do lump Snow Leopard – since you care to name this particular version – in the same legacy camp as DOS. The age in years is really quite irrelevant.

I have some legacy software on my laptop that will only run under Windows XP. I don't have XP installed natively, but I do run it as a virtual machine for exactly this reason. I'd be surprised if you couldn't find a VMWARE for all your legacy programs.

By the way, your reading has been very selective if you think that all recent OS developments are concerned with eye candy.
 
Just got the update about an hour or so ago. No prompts or anything, all of a sudden a notification popped up saying it had updated.

Pretty cool that it was seamless and just happened.
 
Don't see what everyone's getting all worked up about..

This fix is only really for users who run a stratum zero authority server. (Internet Time Server)

But it's good that they have released for all users so fast.

That would be a stratum 1 authority server. Stratum 0 is the reference clock itself that the server gets its time from.

That aside, simply having ntp activated on a Mac system keeps port UDP/123 open and listening, because ntpd acts as both a client and a server. So if the system is not shielded from the Internet in some way (such as by NAT), then it is open to exploit. Even if shielded from the Internet, it is open to exploit on whatever local LAN it inhabits.
 
Don't see what everyone's getting all worked up about..

This fix is only really for users who run a stratum zero authority server. (Internet Time Server)

But it's good that they have released for all users so fast.

Thank you, I've been trying to find out how this security threat impacts the average user, not one of the articles reported what this threat actually represented.

----------

That would be a stratum 1 authority server. Stratum 0 is the reference clock itself that the server gets its time from.

That aside, simply having ntp activated on a Mac system keeps port UDP/123 open and listening, because ntpd acts as both a client and a server. So if the system is not shielded from the Internet in some way (such as by NAT), then it is open to exploit. Even if shielded from the Internet, it is open to exploit on whatever local LAN it inhabits.

So you are saying that any average user can be compromised simply by visiting any website?
 
So, requiring free upgrades to the next version of linux every few months is totally okay, but if Apple pushes free upgrades every year or so, and supports security updates for 5 years on all past releases (as opposed to just the LTS releases on Ubuntu), well that's just unacceptable. Got it!

P.S.: There is STILL not a lot of unity love, nor a lot of love for Ubuntu's version of Steve Jobs, either. Check out Ubuntu's counterpart forums sometime. There are lots of ubuntu users there who have the exact same mindset as the Snow Leopard curmudgeons here. If you're not happy with the way things are run here, I'm pretty sure the sheen of ubuntu is gonna wear off fairly soon once you get into it, because you'll run into much of the same.

But again, everyone always thinks the grass is greener on the other side.

Note: I'm not bashing Ubuntu... I use it myself, and prefer it to any other Linux distro, and even Windows. But to say it's better than how things are done on OS X is taking things a little far.

Upgrades every 5 years if he stays on an LTS. If he were to move to CentOS it would be every 10 years. Personally I think Ubuntu a big pile of bloated excrement and will never make it onto any computer I own, but for a person that just wants an internet box it's fine. I do prefer Linux to OSX; I spend 8 hours a day in front of a Mac Pro, and it's nice to come home and use Linux.
 
Unfortunately, it is a bit of a Hobson's choice. I can stay with what I am doing and run some real risk of having issues; or move up and have to dump software that now does not work, that I cannot afford / justify replacing - then telling the non-profit groups that I support that they are now SOL.

Does the work you do for non-profits require that computer to have internet access? If it's possible to use or otherwise obtain a cheap computer for internet access (there are lots of Chromebooks/boxes under $300), you can keep your current Mac offline and continue to use the OS X and software versions you currently have. Another option, as others have mentioned, is to get a new Mac and run the old OS X & software in a virtual machine (without any network access of course).
 
Thank you, I've been trying to find out how this security threat impacts the average user, not one of the articles reported what this threat actually represented.

----------



So you are saying that any average user can be compromised simply by visiting any website?

No website visit is necessary. Just being "on the Internet" with an open, vulnerable port exposed is enough. Hackers scan all Internet connected devices regularly looking for the ports that have holes.

It is not really as bad as that, though. Of the six vulnerabilities that were discovered, five of them can be mitigated without any patching by simply having restrict......noquery in the ntp configuration file, which Macs have had as a default even back to Snow Leopard. The sixth vulnerability involves using cryptographic techniques for secure communication between ntp machines, which requires the user to have modified the default configuration on OS X for this purpose. I doubt this affects many Mac users.

Most home users are behind a router of some kind (DSL, cable modem, etc) which provides network address translation (NAT), and which shields any open ports unless you specifically punch a hole through for that port. So overall, the risk was very small for average Mac users, but again it is a good thing to have it all fixed.
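
The configuration check described in the post above, as an added example that is not part of the original thread: a shell function that reads an ntp.conf-style file and reports whether every default `restrict` rule carries `noquery`. The function name `check_ntp_conf` and the sample configuration are constructed for illustration, the file to audit is supplied by the caller, and treating a `crypto` directive as the sign of the non-default cryptographic setup is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the thread). check_ntp_conf is a hypothetical helper.
# Exit status: 0 = every "restrict default" line has noquery (or ignore)
#              1 = a default restrict line lacks it, or none exists
#              2 = restrict lines are fine but a crypto directive is present
check_ntp_conf() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        $1 == "restrict" {
            i = 2
            if ($i == "-4" || $i == "-6") i++   # optional address-family flag
            if ($i != "default") next           # only the default rule matters here
            seen++
            ok = 0
            for (j = i + 1; j <= NF; j++)
                if ($j == "noquery" || $j == "ignore") ok = 1
            if (ok) {
                printf "ok       line %d: %s\n", NR, $0
            } else {
                bad++
                printf "MISSING  line %d: %s\n", NR, $0
            }
            next
        }
        # Assumption: a crypto directive marks the non-default setup
        $1 == "crypto" { crypto++; printf "crypto   line %d: %s\n", NR, $0 }
        END {
            if (seen == 0) { print "MISSING  no restrict default line"; exit 1 }
            if (bad > 0) exit 1
            if (crypto > 0) exit 2
            exit 0
        }
    ' "$1"
}

# Runs the check on a constructed sample so the script works offline.
demo_constructed_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample, not copied from any real system
server time.example.com
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer   # noquery missing here
restrict 127.0.0.1
EOF
    status=0
    check_ntp_conf "$f" || status=$?
    rm -f "$f"
    echo "exit status: $status"
}

demo_constructed_sample
```

A commented-out `noquery` does not count, which is why the second rule in the sample is reported as missing.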
 
Snow Leopard fix - Apple Open Source patches?

Why would I do that? Snow Leopard works, and runs all my software properly. Later OSs add nothing of value to me, and, judging by comments on this board, cause problems that I don't currently have.

Agreed! I am on Mavericks 10.9.5 at work (we're blocked from downloading Yosemite; but I'd wait until 10.10.2 is out anyway) and I far, far prefer my 2010 Mac Pro running 10.6.8 at home.

I basically depend on Mail.app for my livelihood and the Mavericks Mail.app is still ridiculously slow compared to Snow Leopard's. They broke it back in the first release of Lion and it's never been the same since.

I can do a Synchronize All Accounts on my four e-mail accounts in Snow Leopard's Mail and it will finish minutes before a Synchronize All Accounts on my one e-mail account at work. That is absolutely absurd. I'd be happy to upgrade to Yosemite if they made Mail match the Snow Leopard version - until then, GTFO.

Anyway, to make this relevant, has anyone tried patching the Apple Open Source project version of NTP ("ntp-92" - corresponds to ntpd 4.2.6 sources, needs to be at least something newer than 4.2.8) on Snow Leopard? Back when the "shellshock" vulnerability hit, I was able to patch the Apple Open Source bash code on Snow Leopard with good results.

Source Browser - ntp-92
 
update will install on lion

I just tried installing the Mountain Lion package to Lion & it appears to have installed correctly.

Can't however confirm it updated since the command previously posted for Lion & Snow Leopard does not work.
 
Sure, but it's ****. I get tired of **** smeared in my face every day.

No one forced you to upgrade to Yoshimite at release ;)

Jokes aside, I'm getting ******* tired of my wireless breaking on my MacBook Pro every time Apple launches a new OS. A lot of bugs I don't mind, but that one is unacceptable, and something I have not experienced on Windows.

Either stick the Ethernet port back in macs, or make sure the wireless works.
 
How can I confirm the update happened?

I'm on Mountain Lion. Does anyone know how I can check that the update has been installed?

Thanks in advance. :)
 
Update installs on snow leopard

The Mountain Lion package will also install on Snow Leopard. Before the update was applied the command prompt showed me the version #, after the update I get invalid command.

Can anyone check into this?
 
Does the work you do for non-profits require that computer to have internet access? If it's possible to use or otherwise obtain a cheap computer for internet access (there are lots of Chromebooks/boxes under $300), you can keep your current Mac offline and continue to use the OS X and software versions you currently have. Another option, as others have mentioned, is to get a new Mac and run the old OS X & software in a virtual machine (without any network access of course).

Yes. I maintain their website(s). FCP, Dreamweaver, Photoshop and Fireworks are used quite a bit. I receive verbiage and upload it, photos, videos, etc.

Thanks for the thought, though.

----------

Most home users are behind a router of some kind (DSL, cable modem, etc) which provides network address translation (NAT), and which shields any open ports unless you specifically punch a hole through for that port. So overall, the risk was very small for average Mac users, but again it is a good thing to have it all fixed.

Thanks. This is a very different perspective from some who posted that the vulnerability is quite high.
 